This is the mail archive of the
newlib@sourceware.org
mailing list for the newlib project.
[PATCH/RFC] More strict __DECONST, __DEVOLATILE and __DEQUALIFY implementation.
- From: Pavel Pisa <ppisa4lists at pikron dot com>
- To: "newlib at sourceware dot org" <newlib at sourceware dot org>
- Date: Sun, 14 Sep 2014 16:45:01 +0200
- Subject: [PATCH/RFC] More strict __DECONST, __DEVOLATILE and __DEQUALIFY implementation.
- Authentication-results: sourceware.org; auth=none
From: Pavel Pisa <ppisa@pikron.com>
This implementation is able to catch cast to type
which differs not only in qualifiers. It suppresses
warning about incompatible pointer assignment only for
case where pointer types differs in volatile and const
in the first indirection level. If pointers differs
other way, the standard waning is reported.
The actual implementation does not distinguish between
volatile and const removal which is equivalent
to the C++ const_cast which is used for C++ code
too. This can be implemented but there would be
much more lines.
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
---
newlib/libc/include/sys/cdefs.h | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
This patch tries to restore some safety in pointers manipulation.
The __DECONST, __DEVOLATILE and __DEQUALIFY macros supress
false warning but original implementation hides more serious
errors when pointers for different types are mixed.
The proposed solution has been tested in some of our projects
and proposed even for RTEMS but discussion with people more
aware of GCC internals is welcomed. I am not sure why cast
to __uintptr_t is used in original code - for warnings
suppression it is not necessary for C/GCC mode. Use of const_cast
for C++ is more straightforward too. Do I miss some alliasing
optimization problems or some other miscompile risk there?
The proposal for newlib is little more optimized and simplified
than previous attempt and was tested only by inclusion in simple test.
It has not been tested in full Newlib based toolchain test yet.
diff --git a/newlib/libc/include/sys/cdefs.h b/newlib/libc/include/sys/cdefs.h
index a5e613c..d1b98fd 100644
--- a/newlib/libc/include/sys/cdefs.h
+++ b/newlib/libc/include/sys/cdefs.h
@@ -571,16 +571,52 @@
#define __COPYRIGHT(s) struct __hack
#endif
+#ifndef __TYPEOF_REFX
+/* The cast idea based on libHX by Jan Engelhardt */
+#define __TYPEOF_REFX(ptr_level, ptr_type) \
+ typeof(ptr_level(union { int z; typeof(ptr_type) x; }){0}.x)
+#endif
+
+#ifndef __DEQUALIFY_DEPTHX
+#ifdef __cplusplus
+#define __DEQUALIFY_DEPTHX(ptr_level, type, var) \
+ (const_cast<type>(var))
+#else /* Standard C code */
+#ifdef __GNUC__
+#define __DEQUALIFY_DEPTHX(ptr_level, type, var) ( \
+ __builtin_choose_expr(__builtin_types_compatible_p \
+ (__TYPEOF_REFX(ptr_level, var), \
+ __TYPEOF_REFX(ptr_level, type)), \
+ (type)(var), \
+ var \
+ ) \
+)
+#endif /*__GNUC__*/
+#endif /*__cplusplus*/
+#endif /*__DEQUALIFY_DEPTHX*/
+
#ifndef __DECONST
+#ifndef __DEQUALIFY_DEPTHX
#define __DECONST(type, var) ((type)(__uintptr_t)(const void *)(var))
+#else
+#define __DECONST(type, var) __DEQUALIFY_DEPTHX(*, type, var)
+#endif
#endif
#ifndef __DEVOLATILE
+#ifndef __DEQUALIFY_DEPTHX
#define __DEVOLATILE(type, var) ((type)(__uintptr_t)(volatile void *)(var))
+#else
+#define __DEVOLATILE(type, var) __DEQUALIFY_DEPTHX(*, type, var)
+#endif
#endif
#ifndef __DEQUALIFY
+#ifndef __DEQUALIFY_DEPTHX
#define __DEQUALIFY(type, var) ((type)(__uintptr_t)(const volatile void *)(var))
+#else
+#define __DEQUALIFY(type, var) __DEQUALIFY_DEPTHX(*, type, var)
+#endif
#endif
/*-
--
1.9.1